File block, also in Office 2003 and 2007, has been improved to provide better granularity of control over how Word, Excel and PowerPoint open different file types. The 2007 methods seem pretty granular to me, so I'm not sure what this means.

The new Office File Validation focuses only on the old formats and, before opening them, validates that they have proper file format structure. Microsoft did this in Publisher 2007 which, they claim, "worked out pretty well," and many Office file-based attacks work by corrupting the file structure.
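To make "validates that they have proper file format structure" concrete, here is an added example (not Microsoft's validator and not from the original article) that checks the header of the OLE2 compound-file container in which the old binary Word, Excel and PowerPoint formats are stored. The function names and the sample bytes are constructed for illustration, and the checks cover only the container header, not the document streams inside it.

```python
import struct

# Added illustration, not Microsoft's validator: OLE2/CFB header checks only.
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"  # fixed fields at offsets 0..75

def validate_cfb_header(data: bytes) -> list:
    """Return the structural problems found; an empty list means none."""
    if len(data) < 512:
        return ["shorter than the 512-byte header"]
    (magic, _clsid, _minor, major, bom, sec_shift, mini_shift, reserved,
     n_dir, n_fat, first_dir, _txn, cutoff, first_mini, _n_mini,
     first_difat, _n_difat) = struct.unpack_from(HEADER_FMT, data)
    if magic != CFB_MAGIC:
        return ["bad signature"]
    errs = []
    if bom != 0xFFFE:
        errs.append("byte-order mark is not 0xFFFE")
    if (major, sec_shift) not in ((3, 9), (4, 12)):
        return errs + ["major version / sector shift mismatch"]  # sector size unknown
    if mini_shift != 6 or cutoff != 0x1000:
        errs.append("mini stream parameters are not the fixed values")
    if any(reserved):
        errs.append("reserved bytes are non-zero")
    if major == 3 and n_dir != 0:
        errs.append("v3 file declares directory sectors")
    # Every sector number must land inside the file; sector n starts at (n+1)*size.
    total = len(data) // (1 << sec_shift) - 1
    difat = struct.unpack_from("<109I", data, 76)
    refs = [("first directory sector", first_dir)]
    refs += [(f"DIFAT[{i}]", s) for i, s in enumerate(difat) if s != FREESECT]
    refs += [(n, s) for n, s in (("first mini FAT sector", first_mini),
                                 ("first DIFAT sector", first_difat)) if s != ENDOFCHAIN]
    errs += [f"{n} = {s:#x} is outside the file" for n, s in refs if s >= total]
    if n_fat > max(total, 0):
        errs.append("more FAT sectors declared than the file holds")
    return errs

def build_sample(first_dir=1, sec_shift=9) -> bytes:
    """Constructed sample: v3 header, FAT in sector 0, directory in sector 1."""
    hdr = struct.pack(HEADER_FMT, CFB_MAGIC, bytes(16), 0x3E, 3, 0xFFFE, sec_shift, 6,
                      bytes(6), 0, 1, first_dir, 0, 0x1000, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    hdr += struct.pack("<109I", 0, *([FREESECT] * 108))
    return hdr + bytes(1024)  # two zero-filled 512-byte sectors

if __name__ == "__main__":
    for blob in (build_sample(), build_sample(first_dir=0x1000)):
        print(validate_cfb_header(blob) or "header OK")
```

A validator of this kind runs before any parser touches the sector chains, so a dangling sector reference is rejected instead of being followed.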

Protected View is a sandbox that shows the user a document loaded in a read-only, low-privilege context. If it's malicious, you can still see it but it can't harm you. You can then say you trust the file and it will open in the full editing environment, and Office remembers this trust decision. They did something similar with MOICE (the Microsoft Office Isolated Conversion Environment), which converts old Office formats to the new ones automatically and in an isolated, sandboxed environment.

Microsoft contends that these features add "...an indistinguishable performance impact on your load time" and allow you to work with Office files more safely than in the past.

Complex files are a common source of vulnerabilities on all platforms, not just Office. Office is a big fat target of course, because of its popularity, but such vulnerabilities exist in all products of sufficient complexity. For example, this vulnerability allows a malicious file opened in OpenOffice.org to grant an attacker control of the system.